Archive for 2010

IBM InfoSphere Guardium eNews: December 2010
Tuesday, December 28th, 2010 | Author: admin

How to Prevent a WikiLeaks-Style Breach
By Samara Lynn, PC Magazine

Editor’s note:
The information recently published by WikiLeaks was allegedly stolen by a U.S. Army intelligence analyst who was authorized to access sensitive data but then abused his privileges. In a similar situation, a Wall Street programmer was recently convicted for stealing proprietary source code from the bank’s high-frequency trading platform, and now faces up to 10 years in prison.

Identifying and preventing these types of insider threats – especially from privileged users – is one of the top use cases for Database Activity Monitoring (DAM) technologies like InfoSphere Guardium.

Many security organizations initially focus on network or end-point DLP tools to address the insider threat – for example, to prevent data from being stolen via email or USB drives – because they’ve traditionally focused on securing network perimeters and end-user desktops rather than data center applications and databases.

However, many industry experts believe it’s far more effective to monitor for unauthorized or suspicious access to critical data at the source – in the data center – such as someone downloading massive quantities of information after hours.

DAM technologies can immediately identify these types of activities using simple policy-based controls and anomaly detection, while complementary technologies, such as Security Information and Event Management (SIEM) solutions, are used to correlate activities at the database tier with user actions on other systems such as Windows or UNIX servers, and access via VPN and firewall devices.

In addition, restricting the use of removable media can often be an impediment to users getting their jobs done. In fact, the military has tried to ban the use of removable media in the past (to prevent the spread of viruses) but then was obliged to lift the ban due to pressure from users and the difficulty of enforcing it (many users will eventually find a way to circumvent end-point controls).

InfoSphere Guardium enables organizations to continuously monitor and audit all user activities — in real-time — on all major enterprise applications (SAP, PeopleSoft, Cognos, etc.) and DBMS platforms (Oracle, DB2, SQL Server, Teradata, etc.) as well as document repositories like Microsoft SharePoint, which often contain sensitive information such as strategic plans, new product designs and other intellectual property. Many customers are using Guardium to not only monitor but also to block unauthorized activities such as access to cardholder data by outsourced DBAs.

PC Magazine article:
The current WikiLeaks furor has dredged up a storm of debate but there’s one troubling revelation that is crystal clear: if the government is vulnerable to network security and data breaches, your business is too.

A few safeguards in place could have staved off the leakage of classified information from networks, many of which are available to businesses: activity monitoring, limiting which data is searchable, keeping tabs on user permissions, and deploying a robust data leak prevention solution.

While no network is 100% impenetrable, there are several ways businesses can shore up network security and prevent their own “WikiLeaks”:

  • Watch the Watchers: Anyone responsible for maintaining network health and security, from the CIO on down, should be part of a checks-and-balances system where no one person has lone knowledge over passwords or network activity. There are several third-party security vendors, such as Guardium, which make devices that will log all activity happening on a database, including alerts for changes made by administrators. Log files should be enabled for major transactions and network activity and regularly inspected.
  • Take a Multi-Faceted, Layered Approach: Every node on your network, wireless and wired, must be protected.
  • Create, Adhere to and Maintain a Security Policy: No matter the size of your company, best practice dictates that the first step is creating and documenting a security plan.
  • Adhere to Corporate Compliance: Corporate compliance isn’t the same as a security policy. A policy is your network’s laws; compliance refers to their enforcement.
  • Don’t Forget User Security: No matter how effective you are in securing a network, you still have to contend with end-users, who often inadvertently make the biggest security breaches. Educate users about security and policies.

Read more

Protecting Databases with Comprehensive Information Management
By Almudena Ruiz, Red Seguridad – Madrid, Spain

More than 130 IT executives recently attended an IBM security seminar in Madrid, which focused on the importance of monitoring and protecting critical databases. The seminar’s industry experts included the deputy director of Spain’s federal data protection agency; the manager of security technology from Barclays Spain; a systems integration expert from Ernst & Young; the deputy editor of “Red Seguridad” (Network Security), a leading European security publication; and Phil Neray, VP of Data Security Strategy for IBM InfoSphere Guardium and Optim. The seminar was moderated and organized by Amal Mashlab, IBM Data Governance Segment Leader for Southwest Europe.

“Red Seguridad” covered the event; following is a rough translation of an excerpt from the article.

Attendees at IBM database security seminar in Madrid.

Phil Neray, VP of Data Security Strategy, IBM InfoSphere Guardium & Optim.

Database security is one of the key problems facing organizations today. In fact, 92% of all breached records are stolen from databases.

One of IBM’s experts in IT security, Phil Neray, explained that the rise in external access to corporate networks has opened holes in the perimeter, making firewalls insufficient.

He explained that the largest data breach in history, the Heartland breach, began with a SQL injection attack on a corporate website. Most of the organizations compromised by Albert Gonzalez did not even know they had been hacked until consumers complained that their credit cards were being used fraudulently.

This suggests that the biggest problem faced is that they don’t know who’s accessing critical information, and how that information is being used.

Neray also explained that Database Activity Monitoring (DAM) technologies like InfoSphere Guardium 8 provide continuous, real-time monitoring of all access to critical databases, without impacting performance or relying on native database logs. As a result, these systems are highly scalable, heterogeneous and cross-platform, and provide more granular information than native logs, while simplifying audits with automated compliance reporting.

Read more

Gawker Media Websites Hacked
By Sam Gustin, Wired

Gawker Media has been hacked. After bringing the company’s websites to a standstill Sunday, one or more hackers operating under the name Gnosis released a 500 MB file apparently containing Gawker’s source code, commenter and staff passwords, and internal conversations between the company’s employees.

Gawker’s attackers managed to infiltrate the company’s content management system (CMS), user database, and internal communications system. The hackers then published a raw file containing that information.

The email addresses and passwords of hundreds of thousands of Gawker users have been compromised, the hackers said. It’s the worst security breach in New York-based Gawker’s eight-year history, and a wake-up call to all web publishers.

The successful Gawker hack followed a week of escalating attacks in the wake of Wikileaks’s continued release of U.S. State Dept. documents and counter-attacks by hackers associated with a group known as Anonymous, which has staged a campaign called Operation Payback.

Over the last year, Gawker has been covering, with its trademark disdain, the antics of the 4Chan message board, leading 4Chan users to attack the site with denial-of-service attacks in July.

That’s the same tactic being used against Visa.com, Paypal.com and Mastercard.com for those companies’ decisions to cut off the ability to donate to WikiLeaks.

Read more

According to a related article in The Next Web (TNW) Media, the posted file lists numerous Gawker MySQL databases, security credentials and examples of user accounts compromised in the process. Users that registered on Gizmodo, Lifehacker and Kotaku have found their accounts posted to the file.

Interestingly, the attackers also show how many users use “password” in their login details – more than 2,700 records share the same password at a rough count.

New IBM Information Integration and Governance Forum
The IBM Information Integration and Governance Forum is the new flagship event series for Information Management, which will take place in more than 50 cities around the world. The forum goes beyond demonstrating the power of better governance by sharing a step-by-step method for enabling organizations to implement a governance program, whether it relates to Master Data Management, business analytics, security, data warehouse or data consolidation projects – or selling Information Governance to executives.

Check the IBM Information Integration and Governance Forum website for more information and newly added event locations and dates.

On-Demand Webcast: Cybercrime Insights from Verizon’s 2010 Data Breach Investigations Report
The 2010 Verizon Data Breach Investigations Report, in collaboration with the U.S. Secret Service, found more insider threats, greater use of social engineering and strong involvement by organized crime.

Originally aired November 16, 2010, this on-demand expert webcast, featuring Christopher Novak from the Verizon Business RISK Team, provides insights from nearly 900 breaches — involving more than 900 million compromised records — including why:

  • Backdoors and SQL injection were the top 2 threats in recent payment card breaches.
  • Database servers accounted for 92% of all breached records.
  • Most organizations don’t know they’ve been breached until long after breaches have occurred.
  • The Secret Service has carefully analyzed online criminal communities and the Albert Gonzalez story.

You’ll also learn how database activity monitoring (DAM) can help you:

  • Continuously monitor all database activities (DDL, DML, SELECTs, etc.) — including actions by privileged insiders such as DBAs, developers and outsourced personnel — with negligible performance impact.
  • Deploy automated, real-time controls to rapidly detect unauthorized or suspicious activity.
  • Implement a consistent set of centralized data auditing policies and compliance reports — across all major DBMS platforms (Oracle, SQL Server, DB2, etc.), applications (SAP, PeopleSoft, SharePoint, etc.) and OS platforms (Windows, Linux/UNIX, z/OS).

View this on-demand webcast: http://www.guardium.com/index.php/landing/1180

Additional On-Demand Webcasts:

Tech Tip of the Month: Microsoft SharePoint Monitoring and Auditing

Question: In the recent release of InfoSphere Guardium, I see Microsoft SharePoint was added as a supported platform. Our organization is experiencing significant growth in information sharing via SharePoint, which has become a repository for highly sensitive data such as strategic plans, mergers & acquisitions, and new product designs. How can Guardium help us implement appropriate controls?

Answer: The new SharePoint support in Guardium 8 allows you to implement Microsoft SharePoint controls similar to those you have in place for your sensitive databases. In Guardium 8, the S-TAP probes are able to monitor and audit SharePoint 2007 and SharePoint 2010 activities. This includes providing specific details on who executed what action, on what object, and when, as demonstrated in Figure 1.

Figure 1: Guardium provides comprehensive monitoring and auditing of Microsoft SharePoint environments. In this Figure, we see that user “Joe” viewed the “SOX financial summary” document on September 20th at 17:48 from client IP 10.1.9.232

The information gathered from the SharePoint environment is available for use by the complete suite of InfoSphere Guardium applications – so you can write policies specifying appropriate use, monitor usage for violations, manage incidents, generate alerts and audit reports, and automate compliance workflow, just as you do with your database environment.

Guardium 8 goes beyond simple SQL command parsing in order to monitor specific SharePoint actions such as which documents and files have been viewed or modified as well as administrative actions such as changes to permissions.

Figure 2: InfoSphere Guardium monitors and audits a wide range of SharePoint user activities, such as updates and views of sensitive objects. In this figure, we see that user “Joe” updated the “SOX financial summary” on September 20th. Policies can be written to take responsive action when violations occur, such as alerting the security team when an unauthorized action is taken.
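To make the kind of policy described in this tech tip (and the after-hours bulk-download scenario in the editor's note above) concrete, here is a small policy evaluator added as an illustration; it is not Guardium's policy engine or log format. The audit records, role labels, object classification and thresholds are constructed assumptions for the example.

```python
"""Toy DAM-style policy evaluator over constructed audit records.

Assumptions (not from the newsletter): the AuditEvent fields, the role labels,
which roles may touch which sensitive objects, and the numeric thresholds.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Dict, List, Optional, Set


@dataclass(frozen=True)
class AuditEvent:
    user: str
    role: str          # constructed role label, e.g. "finance" or "outsourced_dba"
    action: str        # "view", "update", "select", "change_permissions"
    obj: str           # SharePoint document or database table name
    when: datetime
    client_ip: str
    rows: int = 0      # rows returned; only meaningful for database reads


# Constructed classification: sensitive object -> roles permitted to access it.
SENSITIVE_OBJECTS: Dict[str, Set[str]] = {
    "SOX financial summary": {"finance", "audit"},
    "cardholder_data": {"payments_app"},
}
BUSINESS_HOURS = range(8, 19)        # 08:00-18:59 local time (assumption)
BULK_ROW_THRESHOLD = 10_000          # rows per read that counts as "bulk"
PERMISSION_ADMINS = {"sharepoint_admin"}

# A rule returns its name when the event matches, else None.
Rule = Callable[[AuditEvent], Optional[str]]


def unauthorized_sensitive_access(e: AuditEvent) -> Optional[str]:
    """Appropriate-use policy: only whitelisted roles may touch a sensitive object."""
    allowed = SENSITIVE_OBJECTS.get(e.obj)
    if allowed is not None and e.role not in allowed:
        return "unauthorized access to sensitive object"
    return None


def after_hours_bulk_extract(e: AuditEvent) -> Optional[str]:
    """Anomaly rule: a large read outside business hours, regardless of role."""
    if (e.action == "select" and e.rows >= BULK_ROW_THRESHOLD
            and e.when.hour not in BUSINESS_HOURS):
        return "after-hours bulk extraction"
    return None


def unprivileged_permission_change(e: AuditEvent) -> Optional[str]:
    """Administrative-action rule: permission changes must come from admins."""
    if e.action == "change_permissions" and e.role not in PERMISSION_ADMINS:
        return "permission change by non-administrator"
    return None


RULES: List[Rule] = [unauthorized_sensitive_access, after_hours_bulk_extract,
                     unprivileged_permission_change]


@dataclass(frozen=True)
class Violation:
    rule: str
    event: AuditEvent


def evaluate(events: List[AuditEvent], rules: List[Rule] = RULES) -> List[Violation]:
    """Run every rule over every event; one event may trigger several rules."""
    hits: List[Violation] = []
    for e in events:
        for rule in rules:
            name = rule(e)
            if name:
                hits.append(Violation(name, e))
    return hits


# Constructed sample trail. The first record mirrors the Figure 1 narrative.
SAMPLE_EVENTS = [
    AuditEvent("Joe", "finance", "view", "SOX financial summary",
               datetime(2010, 9, 20, 17, 48), "10.1.9.232"),
    AuditEvent("Bob", "marketing", "update", "SOX financial summary",
               datetime(2010, 9, 20, 18, 2), "10.1.9.77"),
    AuditEvent("payments_svc", "payments_app", "select", "cardholder_data",
               datetime(2010, 9, 21, 10, 5), "10.1.20.4", rows=200),
    AuditEvent("dba_contractor", "outsourced_dba", "select", "cardholder_data",
               datetime(2010, 9, 21, 2, 15), "10.1.30.9", rows=250_000),
    AuditEvent("Bob", "marketing", "change_permissions", "Q3 board deck",
               datetime(2010, 9, 21, 11, 30), "10.1.9.77"),
]


def summarize(events: List[AuditEvent] = SAMPLE_EVENTS) -> List[tuple]:
    """Compact (rule, user, object) view of the violations, suitable for alerting."""
    return [(v.rule, v.event.user, v.event.obj) for v in evaluate(events)]


if __name__ == "__main__":
    for rule, user, obj in summarize():
        print(f"ALERT [{rule}] user={user} object={obj!r}")
```

Joe's view of the SOX document passes because finance is a permitted role, while the contractor's night-time read of cardholder_data trips two rules at once, which is the kind of overlap a SIEM would later correlate with VPN or OS events.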

Training
2010 Technical Training Schedule
You can view the Guardium 2010 Technical Training schedule online. Guardium’s training courses help you achieve results quickly and easily. For more information about training, to sign up for a training course, or to schedule a training session, go to http://www-01.ibm.com/software/data/education/guardium.html or send an email to training@guardium.com.

Guardium on Twitter
Follow Guardium on Twitter.com at http://twitter.com/guardium. The goal of Guardium Tweets is to post short, educational tips about data security as well as breaking news regarding data breaches.

December tweets:

  • Some 23 million people globally affected by data breaches due to malicious insider attacks since 2007 – KPMG – http://cli.gs/ZL9p04 (December 6)

UPCOMING EVENTS
Please visit us at the following upcoming events:

RSA 2011
February 14-18, 2011
Moscone Center
San Francisco, CA
*** Join us February 17th at 8:30 — 9:40 AM for Session DAS-301: Databases Under Attack – Securing Heterogeneous Database Infrastructures

IBM Pulse 2011
February 27 – March 2, 2011
MGM Grand Hotel
Las Vegas, NV
*** Join Guardium customers Dell and PG&E for Session 1350 – “Securing Your Most Sensitive Enterprise Data (while lowering compliance costs & passing the audit)”.
*** Join a line-up of industry analysts for Session 1709 – “What the Experts are Saying About Database Security and Compliance and Their Role in Information Governance Programs”.

IANS Mid-Atlantic Information Security Forum
March 8 – 9, 2011
JW Marriott
Washington, DC
*** To arrange a private meeting at the IANS Forum with a Guardium representative, please contact peg.odonnell@us.ibm.com

SecureWorld Expo Boston
March 23 – 24, 2011
Hynes Convention Center
Boston, MA


Feedback: Please let us know what you like (and don’t like) about our newsletter by sending an email to pneray@us.ibm.com.

QUICK LINKS
IBM InfoSphere Guardium 8 Data Sheet
Your Enterprise Database Security Strategy 2010, a whitepaper by Noel Yuhanna, Principal Analyst, Forrester Research
Databases at Risk, a whitepaper by Jon Oltsik, Principal Analyst, Enterprise Strategy Group
IBM InfoSphere Guardium Home Page
Auditing & Compliance
Privileged User Monitoring
Application Monitoring: Fraud Prevention
Change Control
Database Leak Prevention
Vulnerability Management
Mainframe Visibility
Lab Reviews, Case Studies & White Papers
Media Coverage & Upcoming Events

Cops nab trio over Touch ’n Go reload scam
Wednesday, December 22nd, 2010 | Author: admin

Wednesday December 22, 2010

SHAH ALAM: Police have detained three people, including a couple, believed to be the masterminds in a scam involving reload transactions for Touch ’n Go cards.

Selangor Commercial CID chief Supt Ng Keok Chai said the suspects, aged between 28 and 30, were detained at a house in Kampung Sungai Kayu Ara, Damansara, at 10.45am on Sunday.

The suspects were tracked down during their attempt to perform a reload transaction in Kampung Sungai Kayu Ara, he added.

He said the arrests were made after a six-month surveillance of their activities following a report lodged by Touch ’n Go provider Rangkaian Segar Sdn Bhd on June 4.

Following their arrest, Supt Ng said the suspects led police to a house in Bandar Bukit Puchong, Puchong, where they seized several items, including 19 Touch ’n Go cards, two SmartTAG devices and a laptop.

“Investigations also revealed that the suspects committed fraud by reloading their Touch ’n Go cards up to RM500 but the cards were used by them only and not sold or distributed to others,” he added.

Supt Ng said following the report lodged by Rangkaian Segar, police advised the company to allow the transactions to go through to facilitate investigations.

The suspects had been remanded for four days from Monday, he added. — Bernama

http://www.thestar.com.my/news/story.asp?file=/2010/12/22/nation/7667458&sec=nation

Article by Arun Kumar, MVP
Edited & published by Jean Scheid on Dec 21, 2010

IBM cloud computing offers Infosphere Guardium as one of its best cloud products. IBM claims that Infosphere Guardium is best for database management. This article contains some excerpts from the IBM whitepaper that details this Infosphere.

IBM Cloud Computing – A Prologue

This article on IBM cloud computing is actually a compilation of important points from a whitepaper on IBM’s Infosphere Guardium. These excerpts from IBM cloud computing show how they manage their clients’ databases so that clients need not worry about their databases once they start using Infosphere Guardium.

In the words of IBM, “More Global 1000 organizations trust IBM to secure their critical enterprise data than any other technology provider. The fact is, we provide the simplest, most robust solution for safeguarding financial and ERP information, customer and cardholder data, and intellectual property stored in your enterprise systems.”

The IBM cloud computing whitepaper also says that their security platforms stop unapproved and doubtful activities – be it on part of the insiders having access privileges or hackers. The IBM Infosphere Guardium also monitors your database for frauds by end users of your own company or from the employees who work for other companies. Normally, it would be easy for anyone using the Oracle e-business suite and PeopleSoft to break into cloud-based databases. However, IBM cloud computing is designed to prevent such access attempts. While protecting your databases from unapproved access and hack attempts, Infosphere Guardium optimized operational efficiency with an easily scalable architecture that automates and centralizes the compliance controls across the entire database and associated applications’ infrastructure.

Further, IBM claims that Infosphere Guardium does not have any negative impacts on applications or database performance. It does not require changes to your databases. Another feature of Infosphere Guardium is that it is not reliant on native database logs and audit resources for securing and maintaining your databases.

The following section presents the features of IBM cloud computing and the IBM Infosphere Guardium as per the whitepaper.

IBM Cloud Computing – Features of IBM Infosphere Guardium

As per the IBM cloud computing whitepaper, Infosphere Guardium is the only solution that meets the needs of the entire database security and compliance lifecycle. It comes with a unified web console and workflow automation that helps you with many tasks.

Infosphere Guardium features include:

  • Helps you search and classify information in the database;
  • Assesses database vulnerabilities and configuration flaws;
  • Makes sure that the databases are locked after each operation that requires access;
  • Offers you an audit trail so that you can get maximum visibility into database transactions;
  • Tracks activities on related file sharing platforms such as SharePoint;
  • Automates the entire auditing process; and,
  • Helps you scale from a single database to protecting several thousands of databases across the world by way of distributed data centers.

The image below further details the features of IBM cloud computing (click to enlarge).

Fig 2 - IBM Cloud Computing - Details of Infosphere Guardium

In the words of IBM cloud computing, “Built upon a single unified console and a back-end data store, InfoSphere Guardium offers a family of integrated modules for managing the entire database security and compliance lifecycle.”

The above image divides the functioning of IBM cloud computing into four major parts:

1) Find and Classify

2) Monitor and Enforce

3) Audit and Report

4) Assess and Harden

This section talks about the four major aspects of IBM cloud computing as shown in the image on the previous page.

Find and Classify

IBM says if you use Infosphere Guardium, you get resources that help you research and classify information into different data types. It enforces security policies according to the classification of data to make sure that only authorized people can access the data. The database is checked on a regular basis to make sure that all the data is indexed and no data is left out.

Monitor and Enforce

Infosphere Guardium offers you real time policies that help you in tracing and avoiding unapproved or suspicious activities. These policies are effective for both internal users and external hackers. These policies also track the different applications that access the databases to make sure that no application or the person using the application is trying to access data that the application or user is not authorized to view. These processes eliminate the need of Database Admins (DBA). IBM emphasizes the term – real time – when referring to these processes and policies.

Audit and Report

Infosphere Guardium offers a real time, regular log of all database activities that can be analyzed and filtered to produce the information required by auditors. These reports help in assessing the security and performance of the databases. For example, one can trace attempts from an unknown user, or an unapproved application to access data. Based on these log files, one can take action as required. The Infosphere Guardium also has a rich set of 150 templates for your reporting needs. In addition to these, it offers the capability to produce custom designed reports using a drag and drop interface.

Assess and Harden

One of the major benefits of using Infosphere Guardium is that it contains a module that continuously scans the entire database for vulnerabilities. This is useful as every database, be it on a local server or on cloud, is open to threats in some way or the other. The Infosphere Guardium process not only scans using a set of industry standard rules, it also offers recommendations to further strengthen the database on the IBM cloud.

Image courtesy: IBM Whitepaper on Infosphere Guardium.

This was a collection of important points from the IBM cloud computing whitepaper. If you wish to know more, please feel free to leave a comment below for more details. Also comment if you wish to share your experience with IBM cloud computing – whether or not related to Infosphere Guardium.

Read more: http://www.brighthub.com/environment/green-computing/articles/100217.aspx?p=2#ixzz18qXJj9kk


Another interesting topic at Gartner’s Datacenter Conference 2010, is the trend of more and more vendor tools providing functional level integration and data integration between 2010 – 2015. The end goal is to move into a management framework.

However, there is the challenge of vendor lock-in. So an alternative to having one management vendor’s framework is to purchase a set of best of breed mini management product suites in some sub areas and fill in the gap with best of breed point products. The live audience poll greatly favored this approach.

I am delighted to hear the term ‘mini-management suite’. In a way, we can think of our Integrated Datacenter and Cloud Monitoring solution as a mini-suite in the monitoring area within the datacenter operation management umbrella.

Our approach of integrating the availability, performance, security, and change monitoring coupled with auto-discovery, and a CMDB allows us to truly integrate at the data level. The cross-correlation of all of these multi-sourced data points with powerful analytics capabilities, whether it is logical analytics for relationships and patterns, or trending analysis for anomalies and best practices, provides datacenter operations the intelligence and proactive capabilities that they require.

These capabilities allow us (AccelOps) to provide our users (datacenter operators) a best of breed, integrated framework or mini-suite in the monitoring area.

Interestingly, when polling the live audience in the event, 27% of the audience responded that they currently use “other solutions” than the big 4’s. And 25% will use “other solutions than the Big 4’s” for 2011. When asked how many have the confidence for the big 4’s solutions, 34% of the audience responded NOT having the confidence in the big 4 and in infrastructure vendors’ (e.g. Cisco, VMWare, Oracle, Microsoft) solutions.

I think that is the reason why our solution is so well received and welcomed by the market: a lot of room for new innovations like ours to address issues in the increasingly complex but increasingly important datacenter and its operations.

There are two other opportunities for the new players according to Gartner, besides managing across multiple sourced environments (which is the integration point already mentioned):

  • Alternative delivery methods (e.g. SaaS, subscription model) — AccelOps has this already.
  • Penetrating customers outside the Global 2000 — AccelOps was built for this market with ease of use, ease of deployment, and with the right TCO.

I am glad that we are hitting the mark! I have good feelings coming back from the Gartner Conference — a lot of reassurance and confirmation!

Contributed by: http://www.accelops.net/blog/?p=335

Category: Accelops
Exposed McDonald’s data may be linked to third-party
Thursday, December 16th, 2010 | Author: admin
Angela Moscaritolo December 15, 2010

The recent theft of customer information belonging to McDonald’s is thought to be part of a larger security breach that may affect more than 105 companies that contract with Atlanta-based email marketing services firm Silverpop Systems.

In a notice on its website, McDonald’s recently warned customers who registered for promotions or subscribed to any McDonald’s website that their email addresses and other personal information may have been compromised by hackers.

The fast-food chain said an unauthorized individual was able to gain access to customer information after defeating the security measures put in place by an email database management firm.

McDonald’s did not reveal the name of the firm responsible for maintaining its breached database, but according to at least one report, federal investigators believe it was Silverpop Systems, which also provides marketing services to more than 105 corporate clients.

Silverpop, in a notice to customers on Monday, said that it had suffered a cyberattack that affected a “small percentage” of customer accounts. The company is working with the FBI to investigate the breach and has changed all the passwords for customer accounts.

Federal investigators believe that Silverpop was targeted, along with several other technology providers as part of a broader attack, Bill Nussey, CEO of Silverpop Systems, wrote in the notice.

“Third-party experts have confirmed that the attack was particularly sophisticated, and we are working with customers and industry peers to share what we have learned,” Nussey wrote in a second notice posted on Wednesday.

At least one other company affiliated with Silverpop has issued a warning to customers about the intrusion. DeviantART, a social networking site for art enthusiasts with more than 13 million members, notified users that their email addresses were stolen by hackers who broke into Silverpop’s servers.

“This was probably part of a sweep by spammers,” DeviantART wrote in its notice. “Because we value the information that members give us, we have decided not to rely on the services of Silverpop in the future, and their servers will no longer hold any data from us.”

In another incident that may be connected, drugstore chain Walgreens revealed late last week that its email marketing list was stolen by cybercriminals who used it to send out legitimate-looking phishing emails.

Walgreens did not reveal how the data was stolen, but coincidentally, the drugstore chain shares a business partner with McDonald’s. Both companies use the marketing services firm Arc Worldwide — the company that hired Silverpop Systems, according to reports, to manage McDonald’s database.

In the McDonald’s case, the breached database contained information that was gathered through voluntary subscriptions to the company’s websites or promotions, the chain said. The data may also have included customer names, postal addresses, home or cell phone numbers, birth dates, gender, and information about users’ promotional preferences and web information interests. Social Security numbers and financial information were not involved.

The incidents underscore the importance of ensuring all sensitive data — whether stored internally or with a third-party — is secure, Josh Shaul, vice president of product management at database security company Application Security, told SCMagazineUS.com on Wednesday.

“Firms really need to recognize that the money is in the data, the data is in the database, and they better go protect that database if they want to protect the money,” he said.

Most companies are slacking, though, when it comes to database security, Shaul said. According to research by his company, set to be released next month, fewer than 10 percent of databases contain security controls.

http://www.scmagazineus.com/exposed-mcdonalds-data-may-be-linked-to-third-party/article/192885/

USAID Uses netForensics SIM Solution to Collect and Correlate Security Events From Different Vendors’ Technologies to Help Measure Agency’s Overall Risk and Security Posture

EDISON, N.J., Feb. 16 /PRNewswire/ -- (RSA Security Conference) -- netForensics, Inc., the pioneer and recognized market leader in Security Information Management (SIM), today announced that the United States Agency for International Development (USAID) is the recipient of SC Magazine's Best Security Implementation of the Year award. The SC Magazine Awards highlight and showcase the best products, services and professionals in the information security industry. SC Magazine had over 1,300 nominations for its 2006 Global Awards show.

The nomination highlighted USAID's use of the nFX Open Security Platform (nFX OSP) to collect and correlate security events from different vendors' technologies and help measure the organization's overall risk and security posture. In a 2005 testimony (April 7) before the House Committee on Government Reform on the status of Federal Agencies' implementation of FISMA, John Streufert, Acting CIO of USAID, noted that SIM played a critical role in its achieving the only A+ on the annual Federal Computer Security Report Card.

In the April 7 testimony, Streufert stated, "Even though we have reduced our network-based vulnerabilities, we understand that security is a moving target. We cannot mitigate all the risks any more than we can stamp out all the possible vulnerabilities. Network threats exist. To combat this reality, we have deployed a global network of security devices that transmit security event information to a central collection, correlation, and reporting system called a Security Information Management system (SIM)."

"This SIM collects suspicious security events and anomalies from hundreds of security devices and firewalls deployed throughout the enterprise. By collecting all our security events in the SIM database, we are able to correlate events across all disparate security device types within the enterprise, a powerful and critical tool when managing incident response on a global network. With daily reviews and active monitoring, we can identify and quickly respond to new information technology security threats and virus attacks. The technology also supports our incident reporting to US-CERT at the Department of Homeland Security, which provides important information to the rest of the federal community."

"We applaud USAID's effort and determination for ensuring their worldwide organization is protected and fully meets the government's FISMA requirements," said Dennis Cline, President of netForensics. "The scalability of nFX OSP enables netForensics to help address the decision support and process automation demands of today's enterprises such as USAID, which has over 70 offices worldwide. Our solution solves core SIM problems such as threat identification, event correlation, and incident response, while providing a foundation for broader enterprise security and compliance solutions."

     About netForensics
     netForensics is the leading authority in Security Information Management
 (SIM) with nearly 400 clients -- including Global 1000 enterprises and
 government organizations operating some of the largest networks in the world.
 netForensics is the only SIM vendor with an integrated family of enterprise-
 class products and services that are based on the proven, repeatable nFX(TM)
 information security methodology.  This combination empowers security
 organizations to combat threats more efficiently, while connecting the
 security organization with network operations, compliance, and risk
 management. With award-winning technology, netForensics improves security
 operations performance by extracting real-time intelligence from point
 security products and applications into a single data repository, flagging the
 most-critical issues and launching integrated incident resolution and
 remediation processes. netForensics is headquartered in Edison, NJ with sales
 offices worldwide. For more information, please call 732.393.6000 or visit
 http://www.netforensics.com.

Contributed by: http://www.prnewswire.com/news-releases/netforensics-customer-united-states-agency-for-international-development-wins-sc-magazine-award-for-best-security-implementation-of-the-year-55342272.html
Category: netForensics
Steps to Mitigate Database Security Worst Practices
Sunday, December 12th, 2010 | Author: admin

By Troy Kitch on December 10, 2010 3:57 PM

The recent Top 6 Database Security Worst Practices webcast revealed the top six, plus a bonus seventh, database security worst practices:

  • Privileged user “all access pass”
  • Allow application bypass
  • Minimal and inconsistent monitoring/auditing
  • Not securing application data from OS-level user
  • No SQL injection defense
  • Sensitive data in non-production environments
  • Not securing complete database environment

These practices are uncovered in the 2010 IOUG Data Security Survey. As part of the webcast we looked at each one of these practices and how you can mitigate them with the Oracle Defense-in-Depth approach to database security. There’s a lot of additional information to glean from the webcast, so I encourage you to check it out here and see how your organization measures up.

Contributed by: http://blogs.oracle.com/securityinsideout/2010/12/steps_to_mitigate_database_sec.html

New survey reveals careless attitudes to hypervisor holes

By Maxwell Cooter | Techworld
Published: 18:08 GMT, 09 December 10

Companies instigating major virtualisation projects are struggling to cope with security. According to new research, nearly three-quarters of all organisations are concerned hypervisor privileges could lead to abuse, while nearly four out of ten organisations believe that virtual environments are more difficult to keep secure than physical ones.

The survey, conducted by European research company KuppingerCole, found that 73 percent of global organisations were concerned that the nature of hypervisors could cause problems. Seventy-three percent of respondents are worried that the far-reaching privileges that hypervisors have could be abused by users.

In addition, the hypervisor also introduces an extra layer into virtualised environments providing another vulnerability that could be exploited. Organisations have not yet considered the security implications of this, according to the study. The research found that 49 percent of respondents had neither implemented a privileged user management (PUM) nor a security log management solution.

Another feature of virtualised environments, data sprawl, is also not being addressed by organisations even though the vast majority are aware of the problem – 81 percent of respondents consider the risk of data sprawl as ‘very important’ or ‘important’. However, although data loss prevention (DLP) solutions can help manage the risks of data sprawl, only 38 percent of organisations have implemented them.

Only 65 percent of respondents claimed to enforce a separation of duties for administrative tasks across virtual platforms, despite this being recognised as the best practice for virtualised environments.

Companies are loath to use the tools to automate this practice: more than 40 percent of respondents do not use the relevant software. Additionally, only 42 percent of the respondents perform regular access certifications for privileged users or are able to adequately monitor and log privileged access.

“This demonstrates that the automation technologies available to mitigate the risks from privileged access in virtualised environments are not yet widely deployed,” says Shirief Nosseir, EMEA product marketing director, security management, CA Technologies, who commissioned the survey. “If they were, IT organisations could control the risks arising from virtualisation security and ultimately better leverage the benefits of virtualisation.”

Contributed by: http://news.techworld.com/virtualisation/3252758/companies-fail-to-adopt-security-policies-in-virtualised-environments/

Category: IT Security
Key Things to Look for in IT Operations Management Tools
Sunday, December 12th, 2010 | Author: admin

By Imin Lee (CEO) on December 9th, 2010

I just came back from the Gartner Datacenter Conference 2010 in Las Vegas. A high-quality conference with all of the relevant attendees: datacenter executives, mid-level managers and directors, and datacenter architects. Of course, being Gartner, it is packed with multi-track sessions, discussions and interesting keynotes. Lots of metrics and interesting facts. One of the things I liked is the live polling of the audience, which came back with data very much matching the metrics Gartner had gathered in the marketplace. Bingo!

There are a lot of take-aways from this conference. Here, I would like to focus on one thing: what are the key things to look for in an IT Operations Management tool?

In one of the town hall meetings dedicated to the topic of IT Operations, all Gartner analysts in this area, such as David Williams, Debra Curtis, and Ronni Colville, gave their thoughts. One of the audience members stood up and asked: “How can I tell the difference between all the IT operations management tools as they all sound alike?” The answer is: yes, the majority of them all sound the same. Unfortunately, today’s tools are still very much fragmented in functionality, according to Gartner. They are not tying together multi-sourced data, and not tying that with live discovery information in the CMDB. This is something that is very difficult to get right.

So the key things to look for in an IT management tool are:

  • Can the CMDB be auto-populated by auto-discovered data? Auto-discovery is the key.
  • Can all of the data (events, logs, metrics) be cross-correlated and is the up-to-date CMDB data referenced for the understanding of availability, performance, security and change?
  • Is the GUI very intuitive, and is information presented in an easy-to-understand and easy-to-analyze fashion?

Being an audience member in this session, I could not be happier to hear these key points from the analysts. For us, it is a confirmation and reassurance of our product direction, and on how we see the IT operations market challenges and how we address them.

The above-mentioned items for an IT management tool are the key differentiators for AccelOps, where our customers appreciate the capability of our auto-discovery and auto-population of the CMDB. The cross-correlation engine and analytics capabilities are highly regarded, and that is core to our DNA. AccelOps is designed to collect and cross-correlate all sources of data for multiple functions: availability, performance, security and change monitoring and proactive alerting. And the flexibility and the presentation of the data via our GUI are a generation ahead of the tools existing in the market (quoted by some of our customers and industry analysts).

http://www.accelops.net/blog/?p=323

Category: Accelops
How to Prevent a WikiLeaks-Style Breach
Saturday, December 04th, 2010 | Author: admin

By: Samara Lynn, 12.02.2010

The current WikiLeaks furor has dredged up a storm of debate but there’s one troubling revelation that is crystal clear: if the government is vulnerable to network security and data breaches, your business is too.

A few safeguards, many of them available to small businesses, could have staved off the leakage of classified information from these networks: activity monitoring, limiting which data is searchable, keeping tabs on user permissions, and deploying a robust data leak prevention solution.

According to an article from the National Journal these leaked “cables” and incident reports are transmitted as PDF files by government workers to a secured network but then are stored as searchable PST files. That’s right, the same PST files you create when you backup your folders in Outlook. Apparently, all anyone with access had to do was download the PST files and extract them. Voila! Exposed data.

The most immediate question anyone responsible for network security would ask in this case would be, “Who was responsible for tracking network activity to monitor who was downloading what and when?” As per the National Journal post, since government analysts routinely download and upload these files, activity logs were pretty much ignored and no one noticed any suspicious pattern of activity. In other words, whoever was in charge of network security got too comfortable and let their guard down.

Since this recent leak, a Pentagon official noted that procedures had changed and that now these analysts seeking to upload or download data must do so in a supervised setting. That’s a good start, but the fact that it took such a security breach to implement a measure for critical data is unfortunate.

When it comes to protecting your business’ network and data, it pays to be paranoid — especially when it comes to that critical data that could make or break your business: customer information, patient information, and the like. Activity logging, locking down access to USB drives, and careful monitoring of network admins, or any person given keys to the network, may seem draconian, but these are all essential components of a good security plan.

While no network is 100% impenetrable, there are several ways small businesses can shore up network security and prevent their own “wikileaks”:

  • Take a Multi-Faceted, Layered Approach: Network security is not just about having an antivirus program running on every desktop. It’s all-inclusive. This means any node on your network, wireless and wired, must be protected. It also means you have compliance rules that govern anything that is allowed to connect to your network. You must also have protective measures for data both at rest and in transit. This means protecting not just data on servers and user machines, but data that goes in and out of your network, with security methods like encryption. Finally, you’ve got to keep control of mobile devices on your network as well as which USB devices may or may not have access.
  • Create, Adhere to and Maintain a Security Policy: No matter the size of your company, best practice dictates that the first step is creating and documenting a security plan. This is required by regulations like HIPAA, but it’s actually a good idea for any business with a network. Educate and familiarize employees with the plan. Keep it updated as you add and deploy new technology on the network, or when new technologies like the iPad emerge. Most importantly, adhere to it.
  • Protect the Perimeter: Third-party application or appliance firewalls (separate from the default firewalls found in OSes and routers), Unified Threat Management devices, and Intrusion Detection/Protection systems (IDS/IPS) are all parts of a layered, comprehensive security solution. Purchase the best devices you can, as these technologies can help protect against DDoS attacks, snooping and other external threats. Zyxel offers UTM appliances for the SMB, as does eSoft. Juniper and Dell have partnered to deliver the J-SRX Services Gateway Series. Cisco and Juniper also offer many firewall and IPS/IDS solutions. Many SMB security devices are designed to be easily deployed without the need for dedicated IT support.
  • Secure Endpoints: It’s vitally important to cover your network endpoints. What’s an endpoint? Any single thing that can attach to your network, whether it’s a server or a USB drive. Pay particular attention to those small portable devices like USB and external hard drives. They can be carriers of threats, sneaking them into and out of your business’ network. For years, network security admins considered networks as closed, unified entities, and designed their defensive strategies accordingly. With the proliferation of portable devices, you’ve got to consider your network as an expandable, mobile one. That’s why endpoint security is crucial. Patching endpoints, performing vulnerability assessments, remediation, and enforcing corporate compliance are all part of effective endpoint security.
  • Implement Data Leak Prevention: DLP is software or devices that can aid in preventing data theft from within an organization. It does so by allowing network administrators to lock out unauthorized users from USB and FireWire devices, prevent users from connecting PDAs or any other plug-and-play devices, and allow defining and controlling data retrieval policies. One example of a DLP solution is DeviceLock.
  • Adhere to Corporate Compliance: Corporate compliance isn’t the same as a security policy. A policy is your network’s laws, whereas compliance refers to their enforcement. For example, enforcing compliance means preventing any PC or laptop from accessing the network if it doesn’t have the security patch specified in your policy. Products such as Trend Micro Worry Free, Symantec Protection Suite for Small Business and McAfee Total Protection for Endpoint are all focused on securing the endpoint.
  • Don’t Forget User Security: Security problems can originate from what’s in between the keyboard and chair: end-users. Restricting what users can and cannot access (maybe using a Web filter to prevent Facebook access during work hours, for example) can stop nasty bugs from entering your network. Don’t run a free-for-all network; force users to authenticate into the network, whether it’s a wired Windows Domain using Active Directory, a SQL Server or a wireless router. For organizations with highly sensitive data, there are third-party solutions like RSA SecurID, which provides two-factor authentication for users to access network resources. Implementing authentication lets you keep tabs on who is accessing what, when they can access it, and helps in keeping hackers out. No matter how effective you are in securing a network, you still have to contend with end-users, who often inadvertently make the biggest security breaches. Educate users about security and policies.
  • Smartphones and Mobile Devices Need Security, Too: Threats are still largely endemic to the Windows ecosystem. That doesn’t mean other devices, such as Apple products and smartphones, should be left unsecured, however. Treat them as you would treat any other endpoint and ensure they comply with your security rules. For example, only allow them to connect to your network if your endpoint solution detects that they have antivirus installed. A recent study showed that, yes, you do need security on smartphones and assessed four different mobile phone security solutions. You may think the potential for being hacked via your cellphone is remote, but at the very least you’ll want some software on your handsets that lets you lock them down should they be stolen.
  • Don’t Set It and Forget It: There are a number of routine network housekeeping tasks that should be part of your security strategy. Keeping all of your software updated is one. This not only includes Windows Updates and patches for servers and clients, but applications, firmware upgrades on routers and switches, and pertinent updates for smartphones on the network. Many of these updates contain security fixes and patches. Keep a handle on updates and patches with a solution like GFI LANguard, which offers patch management. Also, as users come into and leave your network, be sure to remove or disable (depending on your corporate policy) their access to the network and its resources.
  • Watch the Watchers: Anyone responsible for maintaining network health and security, from the CIO on down, should be part of a checks-and-balances system where no one person has lone knowledge over passwords or network activity. There are several third-party security vendors, such as Guardium, that make devices that will log all activity happening on a database, including alerts for changes made by administrators. Log files should be enabled for major transactions and network activity and regularly inspected.

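The article's point about ignored activity logs (analysts routinely downloaded files, so nobody noticed one analyst downloading far more than usual) and the "Watch the Watchers" item both come down to reviewing an activity log against a baseline and a few policy rules. As an added example, not code from the PC Magazine article or from any vendor named above, the script below applies that idea to constructed database audit lines; the log format, user and table names, business hours and thresholds are all assumptions.

```python
"""Toy database activity monitoring rules over constructed audit lines.

Added example; not from the article or any vendor. The pipe-separated log
format, names, hours and thresholds are assumptions made for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed audit lines: timestamp|user|role|action|object|rows_returned
AUDIT_LOG = """\
2010-11-02T09:14:03|analyst1|analyst|SELECT|cables|120
2010-11-02T10:41:55|analyst2|analyst|SELECT|cables|95
2010-11-03T11:02:17|analyst1|analyst|SELECT|cables|140
2010-11-03T14:30:00|dba_jones|dba|SELECT|cables|30
2010-11-04T09:55:21|analyst2|analyst|SELECT|cables|110
2010-11-05T02:17:44|analyst1|analyst|SELECT|cables|250000
2010-11-05T23:05:09|dba_jones|dba|ALTER|audit_policy|0
"""

BUSINESS_HOURS = range(8, 19)        # 08:00-18:59 local time (assumed)
VOLUME_FACTOR = 10                   # rows > 10x the user's own median is anomalous
WATCHED_OBJECTS = {"audit_policy"}   # any non-read change here is always alerted


def parse(log_text):
    """Turn the constructed audit text into a list of event dicts."""
    events = []
    for line in log_text.splitlines():
        ts, user, role, action, obj, rows = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "role": role, "action": action, "object": obj,
                       "rows": int(rows)})
    return events


def evaluate(events):
    """Return (rule, user, timestamp) alerts, judging each event only against
    that user's earlier, non-anomalous reads (a streaming per-user baseline)."""
    history = defaultdict(list)
    alerts = []
    for ev in events:
        # Policy rule: an administrator altering the audit configuration itself
        if (ev["role"] == "dba" and ev["object"] in WATCHED_OBJECTS
                and ev["action"] != "SELECT"):
            alerts.append(("admin_changed_watched_object", ev["user"], ev["ts"]))
        if ev["action"] != "SELECT":
            continue
        prior = history[ev["user"]]
        anomalous = False
        # Anomaly rule: far more rows than this user normally pulls
        if prior and ev["rows"] > VOLUME_FACTOR * median(prior):
            alerts.append(("bulk_read_vs_baseline", ev["user"], ev["ts"]))
            anomalous = True
        # Policy rule: reads outside business hours
        if ev["ts"].hour not in BUSINESS_HOURS:
            alerts.append(("read_outside_business_hours", ev["user"], ev["ts"]))
        if not anomalous:            # keep the baseline free of the outlier
            prior.append(ev["rows"])
    return alerts


if __name__ == "__main__":
    for rule, user, ts in evaluate(parse(AUDIT_LOG)):
        print(f"{ts.isoformat()}  {user:10s}  {rule}")
```

In practice the baseline would be built over weeks of history and the alerts forwarded to a SIM/SIEM for correlation with VPN, host and firewall events, as the netForensics item above describes.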
http://www.pcmag.com/article2/0,2817,2373691,00.asp

Category: IT Security